SNI takes wrong certificate - apache

I've got the following setup:
Listen 443
NameVirtualHost *:443
<virtualhost *:443>
Servername 1.domain.com
DocumentRoot /1
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /etc/apache/1.cer
SSLCertificateKeyFile /etc/apache/1.key
SSLCertificateChainFile /etc/apache/1.crt
</virtualhost>
<virtualhost *:443>
Servername 2.domain.com
DocumentRoot /2
SSLEngine on
SSLVerifyClient none
SSLCertificateFile /etc/apache/2.cer
SSLCertificateKeyFile /etc/apache/2.key
SSLCertificateChainFile /etc/apache/2.crt
</virtualhost>
For some reason SNI takes the certificate from 1.domain.com on website 2, resulting in a "not secure connection" warning page. Anyone got an idea why?
I'm using Apache/2.2.15 (Unix) and OpenSSL 1.0.1e-fips.

I've managed to get it to work; apparently Apache requires the NameVirtualHost to be in the /etc/httpd/conf.d/ssl.conf file instead of httpd.conf.

Related

The requested URL /login was not found on this server.

I am trying to enable SSL on port 4100 for an Amazon EC2 instance. When I access the site https://test.example.com:4100/login, I get the following error: "The requested URL /login was not found on this server." Can someone please help me?
I've modified httpd.conf as below:
<IfModule mod_ssl.c>
NameVirtualHost *:4100
Listen 4100
</IfModule>
<VirtualHost *:4100>
ServerName test.example.com
SSLProxyEngine on
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/live/test.example.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/test.example.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/test.example.com/fullchain.pem
DocumentRoot /var/www/html/
</VirtualHost>
ssl.conf:
Listen 443
<VirtualHost _default_:443>
SSLProxyEngine on
SSLEngine on
SSLCertificateKeyFile /etc/letsencrypt/live/test.example.com/privkey.pem
SSLCertificateFile /etc/letsencrypt/live/test.example.com/cert.pem
SSLCertificateChainFile /etc/letsencrypt/live/test.example.com/fullchain.pem
</VirtualHost>

ssl installed but not secure

I installed the SSL certificate, but browsers are showing it's not secure.
I bought my SSL certificate from ssls.com.
This is my /etc/httpd/conf/httpd.conf file:
ServerAdmin webmaster#dummy-host.example.com
DocumentRoot /root/public_html
ServerName www.example.com
ErrorLog logs/dummy-host.example.com-error_log
CustomLog logs/dummy-host.example.com-access_log common
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example_com.crt
SSLCertificateKeyFile /etc/ssl/certs/example_com.privatekey
SSLCertificateChainFile /etc/ssl/certs/example_com.ca-bundle
It's showing my SSL certificate is self-signed, but that's not what I want.
Actually, I fixed the issue. Listen was set to
listen 80
and I changed it to
listen 443

Running SSL and non-SSL sites simultaneously with MAMP (4.0.6)

To enable SSL, I've uncommented this line in httpd.conf:
# Secure (SSL/TLS) connections
Include /Applications/MAMP/conf/apache/extra/httpd-ssl.conf
The httpd-ssl.conf file itself I've left untouched, and created .crt and .key files for a self-signed SSL certificate in the places it's expecting to see them by default:
SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"
Back in the main httpd.conf, I've created a VirtualHost for a site I want to use SSL, and configured like this to eventually get it working:
NameVirtualHost *
<VirtualHost *>
DocumentRoot "/Users/jonnott/Documents/sslsite1.dev"
ServerName sslsite1.dev:443
ServerAlias www.sslsite1.dev
SSLEngine on
SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"
</VirtualHost>
This SSL site now works fine.
However, the problem I have is that now whenever I try to visit any local non-SSL hosts, I get this error:
Bad Request
Your browser sent a request that this server could not understand.
Reason: You're speaking plain HTTP to an SSL-enabled server port.
Instead use the HTTPS scheme to access this URL, please.
These other non-SSL sites are configured in httpd.conf like this:
<VirtualHost *>
DocumentRoot "/Users/jonnott/Documents/site2.dev"
ServerName site2.dev
ServerAlias www.site2.dev
</VirtualHost>
What am I missing / doing wrong?
I think I've pretty much figured it out after reading this:
http://httpd.apache.org/docs/2.0/ssl/ssl_faq.html#vhosts2
I needed BOTH of these in my httpd.conf before the start of my VirtualHost directives:
NameVirtualHost *:80
NameVirtualHost *:443
...and then each VirtualHost needed to be port-specific:
<VirtualHost *:80>
DocumentRoot "/Users/jonnott/Documents/Projects/site1"
ServerName site1.dev:80
</VirtualHost>
<VirtualHost *:443>
DocumentRoot "/Users/jonnott/Documents/Projects/site1"
ServerName site1.dev:443
SSLEngine on
SSLCertificateFile "/Applications/MAMP/conf/apache/server.crt"
SSLCertificateKeyFile "/Applications/MAMP/conf/apache/server.key"
</VirtualHost>

website uses an invalid security certificate

I have a website on Ubuntu with an Apache server. The domain is from GoDaddy. When I type example.com it's running fine under SSL (with https). But for www.example.com it's giving me the error below.
www.example.com uses an invalid security certificate. The certificate is only valid for the following names: someother.com, www.someother.com, someother.com (Error code: ssl_error_bad_cert_domain)
What I did:
I tried talking to GoDaddy. They suggested I disable SSLv3 on the Apache server. Everything is OK from their side.
Then I changed the ssl.conf file with this: SSLProtocol All -SSLv2 -SSLv3 according to this documentation. But it's still giving me the same error.
Configuration:
<VirtualHost *:80>
ServerAdmin myemail#gmail.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/example/public_html
ErrorLog /var/www/example/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
<VirtualHost _default_:443>
ServerName example.com
DocumentRoot /var/www/example/public_html
ErrorLog /var/www/example/error.log
SSLEngine on
SSLCertificateFile /etc/apache2/ssl/example.crt
SSLCertificateKeyFile /etc/apache2/ssl/example.key
SSLCertificateChainFile /etc/apache2/ssl/example-bundle.crt
</VirtualHost>
Let me know if you need more info.

Wildcard SSL with Multiple Domains

I have a CentOS/Apache+OpenSSL server. I host two domain names with wildcard subdomains (application logic surfaces the correct site), e.g.
https://*.testing1.com
https://*.testing2.com
It works great over HTTP:
<VirtualHost *:80>
# Admin email, Server Name (domain name) and any aliases
ServerAdmin webmaster#testing1.com
ServerName testing1.com
ServerName testing2.com
ServerAlias *.testing1.com *.testing2.com
# Index file and Document Root (where the public files are located)
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
I've purchased two wildcard SSL certificates, for testing1.com and testing2.com, but I'm unsure how to set them up in this structure:
<VirtualHost *.testing1.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing1.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing1.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john#testing1.com
ServerName testing1.com
ServerAlias *.testing1.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
<VirtualHost *.testing2.com:443>
SSLEngine On
SSLCertificateFile /etc/httpd/ssl/*.testing2.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/*.testing2.com.key
SSLCACertificateFile /etc/httpd/ssl/geotrust.cer
ServerAdmin john#testing2.com
ServerName testing2.com
ServerAlias *.testing2.com
DirectoryIndex index.html index.php
DocumentRoot /home/app/public_html/public
</VirtualHost>
The above doesn't work for SSL, neither with the *.testing1.com definition nor with just testing1.com.
I will also need to repeat this for testing2.com.
Name-based virtual hosts and SSL will only work if all the virtual hosts are within the same domain and you have a wildcard SSL certificate for that domain.
But you have 2 different domains.
In this case it will only work if you give each SSL-enabled virtual host its own IP address.
So you should use IP-based virtual hosts, not name-based.
Explanation:
The ServerName which is requested is contained in the HTTP request headers, but before that the SSL encryption must already be set up. So the ServerName is only available after the encryption has been set up. Therefore Apache can never know which SSL certificate to serve up and will just use the first one available on that particular IP address.
With a single dedicated IP we can configure domain-based wildcard SSL on a CentOS + Apache 2.2 server.
Hope the configurations below will help you guys!!
NameVirtualHost IP:80
NameVirtualHost IP:443
Domain 1
<VirtualHost IP:80>
ServerName abc.domain1.com
DocumentRoot /var/www/html/domain1
</VirtualHost>
<VirtualHost IP:443>
ServerName *.domain1.com
DocumentRoot /var/www/html/domain1
SSLEngine On
# Note: this string also permits eNULL (no encryption), EXP, LOW and SSLv2-era ciphers
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain1/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain1/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain1/cert/g2-g1.crt
</VirtualHost>
Domain 2
<VirtualHost IP:80>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
</VirtualHost>
<VirtualHost IP:443>
ServerName abc.domain2.com
DocumentRoot /var/www/html/domain2
SSLEngine On
# Note: this string also permits eNULL (no encryption), EXP, LOW and SSLv2-era ciphers
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL
SSLCertificateFile /var/www/html/domain2/cert/5465456.crt
SSLCertificateKeyFile /var/www/html/domain2/cert/domain1.com.key
SSLCertificateChainFile /var/www/html/domain2/cert/g2-g1.crt
</VirtualHost>
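The recurring question on this page is "which certificate does the server actually hand out for a given name, and does it cover that name?" (the 1.domain.com/2.domain.com SNI mix-up, the ssl_error_bad_cert_domain error, and the two wildcard certificates). The script below is an added example, not code from any of the posts: it sends each hostname in the TLS ClientHello (SNI) and checks the returned certificate's SANs/CN against it with a one-label wildcard rule. SAMPLE_CERT is a constructed stand-in for the testing1.com wildcard certificate, and the host address in any live call is a placeholder you supply.

```python
import socket
import ssl

def hostname_matches(pattern: str, hostname: str) -> bool:
    """RFC 6125-style match: a leading '*' covers exactly one DNS label, so
    '*.testing1.com' matches 'app.testing1.com' but not 'testing1.com'."""
    pattern, hostname = pattern.lower().rstrip("."), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if len(p_labels) != len(h_labels) or len(h_labels) < 3:
        return False
    return p_labels[1:] == h_labels[1:]

def cert_names(cert: dict) -> list:
    """Names a certificate is valid for: its DNS SANs, else the subject CN."""
    sans = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    return sans or [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]

def cert_covers(cert: dict, hostname: str) -> bool:
    return any(hostname_matches(n, hostname) for n in cert_names(cert))

def fetch_cert(host: str, sni: str, port: int = 443) -> dict:
    """Send `sni` in the ClientHello and return the certificate the server chose
    (ssl.getpeercert() dict). The chain is validated against the system CA store,
    so a self-signed or incomplete chain raises ssl.SSLCertVerificationError; the
    hostname check is left to cert_covers() so a mismatch is reported, not raised."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock, server_hostname=sni) as tls:
            return tls.getpeercert()

def audit_sni(host: str, names, fetch=fetch_cert) -> dict:
    """Per name: True/False for whether the certificate returned for that SNI
    covers it, or the error text if the handshake/chain validation failed."""
    report = {}
    for name in names:
        try:
            report[name] = cert_covers(fetch(host, name), name)
        except (ssl.SSLError, OSError) as exc:
            report[name] = str(exc)
    return report

# Constructed sample in ssl.getpeercert() shape (made-up values, wildcard for testing1.com)
SAMPLE_CERT = {
    "subject": ((("commonName", "*.testing1.com"),),),
    "subjectAltName": (("DNS", "*.testing1.com"), ("DNS", "testing1.com")),
}
```

A live run is `audit_sni("<server-ip>", ["app.testing1.com", "www.testing2.com"])`; a False entry is the SNI/certificate mismatch the questions above describe, and an error string is a chain that the client cannot validate.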